In association with heise online

15 February 2007, 12:09

New zero-day hole in Word

After the recent Patch Tuesday, Windows users thought that Microsoft Office had finally been made secure. Unfortunately, documents have already popped up that exploit a previously unknown security hole in the word-processing program to inject malicious code. Microsoft says that attacks in which such a manipulated document was used have been limited and specifically targeted.

The software vendor did not provide any details on the security hole but merely stated that a specially prepared string in a Word document allows areas of memory to be overwritten; in the process, malicious code can be injected. In its security advisory, Microsoft recommends that users stay away from documents from untrustworthy sources. The security hole affects Word in Office 2000 and Office XP; according to Microsoft's advisory, it cannot be exploited in Office 2003, 2007 and Word Viewer 2003.

Developers are already working on an update to close the hole. To be on the safe side until a patch has been made available, users of the affected versions of Word should at least ask the sender of unsolicited Word documents whether they actually sent the message, for example by calling the sender on the phone. Users can also open such documents in Word Viewer.
